Addressing threats to health care's core values, especially those stemming from concentration and abuse of power. Advocating for accountability, integrity, transparency, honesty and ethics in leadership and governance of health care.

Saturday, July 07, 2012

Manipulation of 12,000 Medical Records Made Easy by EHR

This from a hospital in Canberra, Australia using a common ED EHR in that part of the world, iSOFT:

A Canberra Hospital executive has admitted to manipulating Emergency
Department records to make wait times and stays appear shorter than they
were.

The executive told the Director-General of the Health Directorate they had
made "approximately 20 to 30 changes to hospital records" a day from "late 2010"
onwards.

ABC [Australian Broadcasting Corp.] News reported that the matter has been referred to police, while the executive has been
suspended without pay.

Though the data manipulation was initially said to be motivated by concerns
over job security, changes in 2011 and early 2012 were said to have been made
due to "managerial pressure" to improve publicly-reported performance
statistics.

This raises the issue that data manipulation might have been performed not just to improve reported statistics, but to cover up medical error, computer-related or not, and thus deny injured patients or their heirs the right to legal redress.

"The only thing that worked to achieve benchmark targets was to alter the
data," the executive later told investigators at PricewaterhouseCoopers (PwC),
which was engaged by Health to perform a forensics analysis. The analysis is
detailed in a new Auditor-General report (pdf).

In total, PwC found 11,700 performance records - about six percent of all
records stored in the hospital's iSOFT emergency department information solution (EDIS) - had
been altered.

It is believed more staff at Canberra Hospital altered records than the
executive that has so far admitted responsibility. "While an executive has admitted to changing EDIS records, it is probable
that EDIS records have also been manipulated by other persons with access to
the system," the federal auditor-general noted overnight.

This is another area where electronic records make possible tasks that are probably impossible with paper. Altering 11,000+ records would be hard in paper charts, as the alterations would likely stick out in a pronounced manner.

"The executive’s admission to Audit does not appear to account for all of the
changes to EDIS records that have been made to improve
timeliness performance."

For example, changes to EDIS records, albeit a much smaller number, appear to
have been made on days when the executive was on leave (seven days in total in
2010-11 and early 2011-12).

I am saddened to note, a proper term for this activity might indeed be "conspiracy": a conspiracy is an agreement between two or more persons to break the law at some time in the future.

User access control, IT security failures

Poor controls such as generic logins and inadequate user and password
security made it easy for insiders to game the data.

While EDIS was on approximately 259 workstations across the hospital and 253
users had permission to run the software, there were only 23 user accounts.

Of these user accounts, only eight were in regular use, including four named
administrator accounts (specific to administrative staff) and four generic user
accounts: CLERK, NURSE, DOCTOR and BEDMAN.

The generic accounts could be used by personnel across the hospital, not just
within the Emergency Department.

Passwords for the four generic user accounts were "very poor" and had "never
been changed". Password expiry was set at a default 999 days.

Audit logs were equally poor, not proactively checked and unreliable.

The proper term for these arrangements might be "gross mismanagement" of clinical information technology.

"A feature of the logging record is that it logs the changed field in
EDIS and a number of other fields simultaneously, while not identifying which
field was changed and what its original value was," auditors noted.

"Audit also notes that the logging record is also ineffective, because every
entry in EDIS is logged from “Workstation 14”.

"Although EDIS has been disseminated widely throughout the Canberra Hospital
each of these users logs into EDIS using the common “Workstation 14”.

"This practice, combined with the use of generic user accounts, makes the
EDIS logging information useless for investigations of unauthorised
activity."

Furthermore, it was possible to edit EDIS records up to 72 hours after a
patient’s treatment, providing a generous window for later unauthorised changes
to the records.

These "features" sound like seller misdesign with regard to the metadata (logging records).
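The logging gaps the auditors describe (no indication of which field changed, no original value, one shared workstation label, generic accounts) can be contrasted with a field-level audit entry. The sketch below is an added example, not code from iSOFT EDIS or from the audit report; the record field names, the workstation label and the hash-chaining step are assumptions made for illustration.

```python
import hashlib
import json

# Generic account names as listed in the audit findings quoted above.
GENERIC_ACCOUNTS = {"CLERK", "NURSE", "DOCTOR", "BEDMAN"}
GENESIS = "0" * 64  # starting value for the hash chain (assumption)

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def audit_entries(before, after, user, workstation, ts, prev_hash=GENESIS):
    """Emit one entry per changed field, with old and new value.

    Each entry names the real user and workstation, flags generic
    accounts, and is chained to the previous entry by SHA-256 so that
    a later edit of the log itself is detectable.
    """
    entries = []
    for field in sorted(set(before) | set(after)):
        old, new = before.get(field), after.get(field)
        if old == new:
            continue  # unchanged fields are not logged
        body = {"ts": ts, "user": user, "workstation": workstation,
                "field": field, "old": old, "new": new,
                "generic_account": user in GENERIC_ACCOUNTS,
                "prev": prev_hash}
        body["hash"] = prev_hash = _digest(body)
        entries.append(body)
    return entries

def verify_chain(entries, prev_hash=GENESIS):
    """Return True only if every entry is intact and correctly linked."""
    for entry in entries:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body["prev"] != prev_hash or _digest(body) != entry["hash"]:
            return False
        prev_hash = entry["hash"]
    return True

# Constructed sample record (hypothetical field names and values).
SAMPLE_BEFORE = {"arrival": "10:00", "seen": "11:15", "triage": 3}
SAMPLE_AFTER = {"arrival": "10:00", "seen": "10:30", "triage": 3}
```
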

Noticing anomalies

It was only in April this year that a full inquiry was commissioned after
"anomalies" in performance figures were spotted by the Australian Institute of
Health and Welfare (AIHW).

The AIHW found an unusually high number of emergency patients that were
reported to have been seen at exactly within the required time for their illness
category.

For example, there was an unusually high number of patients who were reported
to have been seen at exactly 30 minutes or 60 minutes.

In addition, an unusually high number of people checked out of the Emergency
Department precisely 240 minutes after their recorded arrival.

If you're going to engage in this type of activity, at least be competent at it...instead of setting up a red flag bigger than the flag that used to fly over the Kremlin.
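The anomaly AIHW noticed, an excess of records at exactly 30, 60 or 240 minutes, is a heaping pattern that can be tested for routinely. The following is an added example, not AIHW's or PwC's method: it compares the count at each exact time mark with the average count in the neighbouring minutes, using constructed sample data and an assumed flagging ratio of 3.

```python
from collections import Counter

# Time marks (minutes) named in the AIHW finding quoted above:
# 30 and 60 for time-to-be-seen, 240 for arrival to departure.
THRESHOLDS = (30, 60, 240)

def heaping_ratio(durations, threshold, window=5):
    """Count at exactly `threshold` divided by the mean per-minute count
    in the surrounding +/- `window` minutes (threshold itself excluded)."""
    counts = Counter(durations)
    neighbours = [counts.get(m, 0)
                  for m in range(threshold - window, threshold + window + 1)
                  if m != threshold]
    baseline = sum(neighbours) / len(neighbours)
    at_mark = counts.get(threshold, 0)
    if baseline == 0:
        return float("inf") if at_mark else 0.0
    return at_mark / baseline

def flag_heaping(durations, thresholds=THRESHOLDS, min_ratio=3.0):
    """Return {threshold: ratio} for marks whose spike exceeds min_ratio.
    Run once per metric (wait time, length of stay) with whole minutes."""
    flagged = {}
    for mark in thresholds:
        ratio = heaping_ratio(durations, mark)
        if ratio >= min_ratio:
            flagged[mark] = ratio
    return flagged

def constructed_sample(tampered):
    """Constructed data: 10 records per minute from 20 to 70. If tampered,
    6 of every 10 records at 61-66 minutes are rewritten to exactly 60."""
    rows = []
    for minute in range(20, 71):
        for i in range(10):
            moved = tampered and 61 <= minute <= 66 and i < 6
            rows.append(60 if moved else minute)
    return rows

CLEAN = constructed_sample(tampered=False)
TAMPERED = constructed_sample(tampered=True)
```
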

The records that were manipulated mean that publicly reported information
relating to the timeliness of access to the Emergency Department and overall
length of stay in the Emergency Department have been inaccurately reported.

The report could not ascertain the level of over‐estimation due to the lack
of a clear audit trail identifying what were legitimate and what were fabricated
entries in patients’ records.

Timelines can be critical to proving medical negligence in court. Further, if time data could have been manipulated, it seems clinical data could have been manipulated as well.

EHR data manipulation is of unknown magnitude worldwide, but I can imagine if it's easy to do and the benefits potentially substantial, electronic records could possibly be less trustworthy than paper records.

-- SS

Addendum: while on the topic of clinical IT Down Under, there's also this:

The hospital at which the doctors are complaining about the dysfunctional EHR is part of Queensland Health, accused of bias toward IT supplier Cerner Corporation, Kansas City, Mo. The name of the vendor was conspicuously absent from the article you cited.
